The statements in this section merely provide background information related to the present disclosure and may not constitute prior art.
Various technologies have recently been developed to link an external terminal (or external device), for example, a smartphone with a vehicle head unit or an audio video navigation (AVN) system installed in a vehicle.
For example, a smartphone manufacturer, Apple and an Android OS provider, Google have recently launched CarPlay and Google Android Auto, respectively, corresponding to individual standards. As a result, a user can use a display of a vehicle head unit through a second display of a smartphone by connecting the smartphone, which runs iOS or Android OS, to the vehicle head unit wirelessly or by wire.
In addition, application of MirrorLink solution led by the Car Connective Consortium has been gradually extended by several original equipment manufacturers (OEMs). In China, a function of linking a vehicle AVN system and a smartphone, which has been independently standardized by leading information technology (IT) companies such as Baidu, Tencent, etc., has been developed.
The function of linking the vehicle AVN system and the smartphone allows various applications of the smartphone to be conveniently used in the vehicle, allows applications suitable for the vehicle to be distributed through the ecosystem previously constructed by Apple/Google/Baidu, etc., and allows the applications to be frequently updated. Thus, it is possible to effectively overcome problems of the absence of the ecosystem, restriction on upgrade and connection, etc. that a conventional vehicle has had. Therefore, the function of linking the vehicle AVN system and the smartphone is expected to be a technology that can enhance marketability of a vehicle AVN system which can lag behind a conventional IT product.
Moreover, a recently released vehicle and smartphone support a vehicle-dedicated data channel for transmitting and receiving various types of vehicle-related control information and various types of information obtainable from the vehicle, for example, driving information, fuel efficiency information, breakdown information, etc.
However, the vehicle does not have a security authentication means for validating the smartphone, and thus has a problem of weak security of various control signals and data transmitted and received through the vehicle-dedicated data channel when the smartphone is hacked.
Information transmitted and received through the vehicle-dedicated data channel may include information which is fatal to vehicle security. Thus, when the information is leaked or changed, the leaked or changed information may have a fatal effect on safe driving. Therefore, use of the vehicle-dedicated data channel needs to be restricted depending on whether hacking is detected from a linkage between the vehicle AVN system and the smartphone.
More seriously, when code is counterfeited or falsified by a malicious hacker in a process of distributing SW of Apple/Google, etc., code having a potential security risk may be installed in the AVN system, and thus vehicle security risk may increase.
As illustrated in FIG. 1, according to a current technology of linking a smartphone and a vehicle AVN system, the smartphone and the vehicle AVN system are connected to each other using a physical communication means such as a universal serial bus (USB)/Wi-Fi/Bluetooth, and the vehicle AVN system decodes, renders, and outputs received data such as video or audio when the smartphone transmits the data. In addition, the vehicle AVN system may transmit, to the smartphone, input data input through an included input means such as a touch screen, a key button, etc., audio data for voice recognition, handoff, etc., positioning data acquired through a global positioning system (GPS) module included in the AVN system, etc. In addition, the AVN system may establish a vehicle-dedicated data channel and a particular application included in the smartphone to transmit and receive various types of vehicle control information and state information through the established vehicle-dedicated data channel. For example, the AVN system may transmit breakdown information, driving information, fuel efficiency information, etc. in a vehicle to the smartphone through the vehicle-dedicated data channel, and the smartphone may transmit various control instructions for collection of vehicle information and various control instructions for control of an operation of the vehicle such as emergency braking to the AVN system through the vehicle-dedicated data channel.
In a current linkage between a vehicle AVN system and a smartphone, while a standard is defined to validate integrity of the vehicle AVN system in terms of software or hardware in the smartphone, a standard is not yet defined to validate integrity of an operating system and software included in the smartphone in the vehicle AVN system.
In general, a vehicle head unit such as an AVN system is used in a physically controlled environment. In addition, the vehicle head unit is not continuously connected to a network, or software and firmware are not constantly updated by a user. Thus, security risk of the vehicle head unit is low when compared to a smartphone.
On the other hand, the smartphone is continuously connected to the network, and thus is continuously exposed to malicious hacking from outside. Thus, software having malicious code may be installed.
When the smartphone is hacked, a hacker may remotely control the smartphone to transmit a control instruction of emergency braking, a random operation of a steering wheel, etc. to a vehicle, thereby causing a serious problem in vehicle security.